Information on data processing

1. Purpose, scope and applicable laws of the data protection notice

The purpose of this information is to record the data protection and privacy policies applied by VÖRS BALATON NGO.

Data management principles, the organization’s privacy and data management policy, which the organization recognizes as a controller.

When preparing the provisions of the Communication, the Organization took into account in particular Regulation 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation” or “GDPR”), as well as Act CXII of 2011 on the right to informational self-determination and freedom of information, Act no. 111/2013 (“Information Act”), Act no. 5/2013 on the Civil Code (“Civil Code”) and Act no. XLVIII/2008 on the basic conditions and certain restrictions on commercial advertising activities. the provisions of the Act (“Grtv.”).

This privacy policy applies to https://vors-balaton-ngo.com (hereinafter referred to as the “Website”) available at The privacy policy is valid until revoked.

The purpose of the privacy policy is to harmonize data processing activities.

The provisions of the organisation’s other internal rules to protect the fundamental rights and freedoms of natural persons and to ensure appropriate processing of personal data.

Another important purpose of publishing the privacy policy is to familiarize you with the data protection regulations and

By complying with it, the organization can lawfully process the data of natural persons.

2. Identity of the person responsible

Name: VÖRS BALATON NGO

Location: 8711 Vörs Kis, Balaton u 14, Hungary

Tax number: 19399872-1-14

E-Mail: info@vors-balaton-ngo.hu

Data protection officer: Winkler Petra Angelika, data controller, organization registered in Hungary.

3. Key concepts and definitions

  • The GDPR (General Data Protection Regulation) is the European Union’s new data protection regulation.
  • Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may also be provided for by Union or Member State law.
  • Data processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • Data processor: the natural or legal person, public authority, agency or any other body which processes personal data on behalf of the data controller.
  • personal data: any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a telephone number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • Third party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
  • Consent of the data subject: any freely given, specific, appropriate and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data concerning him or her.
  • Restriction of data processing: Marking stored personal data with the aim of restricting its future processing.
  • Data deletion: Making data unrecognizable so that it can no longer be restored.
  • Data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed.

4. Principles of data processing

Personal Data:

  • Processing must be lawful, fair and transparent in relation to the data subject (“lawfulness, fairness and transparency”).
  • collected only for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (‘purpose limitation’) shall not be considered incompatible with the original purpose pursuant to Article 89(1)
  • They must be adequate and relevant in relation to the purposes of the processing and limited to what is necessary (“data minimization”)
  • They must be accurate and, where necessary, up-to-date; every reasonable step must be taken to ensure that personal data which are inaccurate, having regard to the purposes of the processing, are erased or rectified without delay (“accuracy”).
  • must be kept in a form which permits identification of data subjects for no longer than is necessary to achieve the purposes for which the personal data are processed; personal data may be stored for a longer period only where the personal data are processed for archiving purposes in the public interest, scientific and historical research purposes or statistical purposes pursuant to Article 89(1), subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of data subjects as provided for in this Regulation (‘limited storage’);
  • must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage to the data (“integrity and confidentiality”), through the application of appropriate technical and organisational measures.

The controller is responsible for compliance with the aforementioned provisions and must be able to demonstrate such compliance (“accountability”).

5. Purpose of data processing

The responsible party processes personal data exclusively for the intended purpose. The data is collected and processed fairly and lawfully. The responsible party endeavours to process only such personal data that is absolutely necessary for the purpose of data management and is suitable for achieving the purpose. Personal data may only be processed to the extent and for the period necessary to achieve the respective purpose.

6. Scope of data processed

Data processing in connection with the operation of the website

Purpose of data processing: By storing the data provided during registration, the controller can provide a more convenient service (e.g. the data subject does not have to re-enter his or her data when making a subsequent donation).

Legal basis of data processing: Consent of the data subject, Article 6 (1) a) of the Information Act. Section 5(1) and Act CVIII of 2001 on certain issues of electronic commerce and information society services. Act (hereinafter referred to as the “Elker Act”) 13/A. Section (3):

Circle of data subjects: All data subjects who are donating on the website

Duration of data storage, deadline for data deletion: Immediately after deregistration. Accounting documents are excluded from this, as these data must be kept for 8 years according to Article 169 (2) of Act C of 2000 on accounting.

(Accounting records directly and indirectly supporting the accounting records (including general ledger accounts, analytical and detailed records) must be kept in legible form for at least 8 years and must be retrievable by reference to the accounting records.)

Potential controllers with access authorization, recipients of personal data: Personal data may be processed by employees of the controller in compliance with the principles mentioned above.

Description of the rights of those affected in connection with data processing:

  • The data subject may request the personal data concerning him or her from the controller.
  • Information about the data, correction, deletion or restriction of processing as well as
  • object to the processing of these personal data and
  • The data subject has the right to data portability and can withdraw his or her consent at any time.

You can request the deletion or modification of your personal data in the following ways:

The following data can be changed on the websites: password, first and last name, email address, telephone number, billing address, delivery address, contact person. The data subject can request the deletion or modification of personal data in the following way:

  • by mail: VÖRS BALATON NGO EGYESÜLET, 8711 Vörs, Kis-Balaton u 14, Hungary
  • by email to info@vors-balaton-ngo.hu
CONTACT US

Purpose of data processing: Establishing contact, maintaining contact, providing information, requesting information.

Legal basis for data processing: voluntary consent of the data subject, Article 6 paragraph 1 letter a GDPR.

Scope of data processed: Name (identification), email address (contact), telephone number (contact)

Deadline for data deletion: 2 years after the last contact

You can request the deletion or modification of your personal data in the following ways:

  • by mail: VÖRS BALATON NGO EGYESÜLET, 8711 Vörs, Kis-Balaton u 14, Hungary
  • by email: info@vors-balaton-ngo.hu

 

7. Type of data processing

The controller stores the data subject’s data on its own servers and temporarily on the controller’s computers. Only the controller is authorized to process the data subject’s personal data.

The data is always provided on a voluntary basis, i.e. the data subject is free to decide whether to provide the personal data requested. If the data subject consents, the data controller processes the data in accordance with applicable law and within the scope of the data subject’s consent.

In order to prevent unauthorized use and misuse of the processed personal data, the controller takes extensive technical and operational security measures. We regularly review our security procedures and develop them in line with technological developments.

8. Technical data and cookie management

Because natural persons can be linked to online identifiers provided by the devices, applications, tools and protocols they use, such as IP addresses and cookie identifiers, this data, when combined with other information, is suitable and can be used to build a profile of natural persons and to identify that individual.

Cookies are also useful for saving preferences so that the user does not have to re-enter them when visiting a new page. They remember previously entered data so that it does not have to be re-entered. They analyze the use of the website in order to make improvements using the information obtained so that it functions as closely as possible to the user’s expectations, the user can easily find the information they are looking for and they monitor the effectiveness of our advertising.

When the Controller displays various content on the Website using external web services, this may result in the storage of some cookies that are not controlled by the Controller. Therefore, it has no influence on what data these websites or external domains collect. Information about these cookies can be found in the policies for the respective service. The User can set his web browser to accept all cookies, reject all or notify the User when a cookie is received on his computer. The setting options can usually be found in the browser settings.

You can find these in the “Options” or “Settings” menu. The detailed information on the English-language website www.aboutcookies.org will also help you with the settings in different browsers.

Cookies used by the website:

  • Necessary cookies: Website-specific cookies are called “password-protected session cookies” and “security cookies”, the use of which does not require the prior consent of the data subject. After closing the website, these cookies are automatically deleted and the session is ended.
  • Functional cookies: These cookies recognize the device you used to access our website and remember your previous user preferences (e.g. username, password, language selection, region, whether you were logged in during a previous session, changes you made to text size, font or other customizable elements of the website) to enhance your user experience and offer you better and more personalized features. These cookies do not track your activity on other websites and we do not use them to send you advertisements across other websites.
  • Google Analytics cookie: Google Analytics is Google’s analytics tool that helps website and app owners get a more accurate picture of their visitors’ activities. The service may use cookies to collect information and report statistical data on website usage, without Google being able to individually identify visitors. The main cookie used by Google Analytics is “ga”. In addition to reporting statistical data on website usage, Google Analytics can also be used to display more relevant ads on Google properties (like Google Search) and across the web.

Cookies required to use the website

 

NAME

 

Cookies

 

FUNCTION

DATE OF DELETION /

DEADLINE

WordPress_

session configuration

Contains session settings and ensures that the session/cookie is unique on a computer/browser.

 When the browser program process is terminated

displayed_cookie-policy, CookieLawInfoConsent, Cookielawinfo-checkbox-not-necessary, Cookielawinfo-checkbox-necessary

Cookie recording for consent to the use of cookies

When you access the site, you accept the declaration regarding cookie storage in the warning window.

7 Takes

9. Data transfer

The controller will only pass on personal data to third parties if the data subject has expressly consented to this, having knowledge of the scope of the data transmitted and the recipient of the data transmission, or if the data transmission is legally permissible. The data controller documents data transmissions in all cases and keeps records of data transmissions.

10. Data processing

The controller is entitled to use a processor to carry out its activities. Processors do not make independent decisions, but are only authorized to act within the framework of the contract concluded with the controller and the instructions received. The data controller monitors the work of the data processors. The processor is only permitted to use additional processors with the consent of the controller.

Data processors used by the data controller:

10.1. DATA PROCESSING ACTIVITIES RELATED TO WEB STORAGE SERVICES

  • Name of the data processor: VÖRS BALATON NGO
  • The registered office of the data processor is: 8711 Vörs, Kis-Balaton u 14, Hungary
  • The Data Processor participates in hosting the Website on the basis of a written contract concluded with the Data Controller. In doing so, the Data Processor records the Customer’s personal data recorded in the Website’s database in its IT system.

Duration of data management, deadline for data deletion: Until the termination of the agreement between the data controller and the hosting service provider or until the data subject submits a deletion request to the hosting service provider.

10.2. Accounting-related data processing

  • Name of the data processor: Zsófia Dákai – Györgyfalvay, accountant.
  • Registered office of the data processor: 8360 Keszthely Pacsirta u 31
  • Data processor’s telephone number: 06-30-314-8813

The data processor participates in the entry of accounting documents on the basis of a written contract concluded with the data controller. The processor stores the name and address of the data subject, insofar as this is necessary for accounting purposes, in accordance with the provisions of the Personal Data Protection Act. The data is processed for the period specified in Section 169 (2) and is then deleted immediately.

11. Data security, data access

The Controller ensures the security of the data, adopts the technical and organizational measures and develops the procedural rules necessary to enforce the applicable laws and data protection and confidentiality regulations. The Controller takes appropriate measures to protect the data against unauthorized access, alteration, transfer, disclosure, deletion or destruction, as well as against accidental destruction and damage and against inaccessibility as a result of changes in the technology used.

The Controller records the data it processes in accordance with applicable laws and ensures that only employees and other persons acting in the interests of the Controller (processors) who need the data to perform their duties and activities can access it. Access to the data is only possible within the employee’s organization after registration. The Controller’s employees carry out individual searches and individual operations on the data only at the user’s request or when necessary to provide the service.

12. Duration of data processing

The data controller will delete personal data if:

  • The processing is unlawful: If it turns out that the data is being processed unlawfully, the controller will delete it immediately.
  • the data subject requests (except in the case of data processing based on the law): The data subject may request the erasure of data that was processed on the basis of his or her voluntary consent. In this case, the controller will erase the data.
  • the data is incomplete or incorrect – and this situation cannot be remedied by legal means – unless there are legal provisions that prevent deletion
  • the purpose of the data processing no longer applies or the statutory period for storing the data has expired. Since the controller provides ongoing services to the data subject, the relationship between the parties is not subject to any time limit. On this basis, unless the data subject requests it, the controller processes the data for as long as the relationship between the controller and the data subject exists and for as long as the controller can provide services to the data subject. All other data will be deleted by the controller when it is certain that this data will no longer be used in the future, i.e. the purpose of data management has ceased to apply.
  • this has been ordered by a court or the National Authority for Data Protection and Freedom of Information: If a court or the National Authority for Data Protection and Freedom of Information definitively orders the deletion of the data, the deletion will be carried out by the controller. Instead of deletion, the controller will block the personal data – with information to the data subject – if the data subject requests this or if, based on the information available to him, it can be assumed that deletion would harm the data subject’s legitimate interests. Personal data blocked in this way may only be processed as long as the purpose of the data processing that prevents deletion of the personal data continues to exist. The controller shall mark the personal data it processes if its correctness or accuracy is contested by the data subject, but the incorrectness or inaccuracy of the contested personal data cannot be clearly determined. In the case of data processing required by law, the deletion of the data is governed by the statutory provisions. In the case of deletion, the controller will make the data unrecognizable. If required by law, the controller will destroy the data storage device containing personal data.

13. Rights in connection with data processing

Right to information: Any data subject can request information about which data the organization processes, on what legal basis, for what purpose, from what source and for how long, using the contact details provided. The information must be provided to the contact address provided immediately upon your request, but no later than within 30 days.

Right to rectification: Any person can request the rectification of their data using the contact details provided. This must be done immediately upon request, but no later than within 30 days, and the information must be sent to the contact details provided.

Right to erasure: Any person can request the erasure of their data using the contact details provided. Upon request, this must be done immediately, but no later than within 30 days, and the information must be sent to the contact details provided.

Data that we are required to retain for commercial purposes due to legal, statutory or contractual obligations will be blocked instead of deleted and its use for other purposes will be prevented.

Right to blocking and restriction: Any person can request that their data be blocked using the contact details provided. The blocking lasts as long as the stated reason requires the data to be stored. This must be done immediately upon request, but no later than within 30 days, and the information must be sent to the contact details provided.

Right of objection: Any data subject may object to data processing using the contact details provided. The objection must be examined as soon as possible after the request has been made, but no later than within 15 days. A decision must be made on the objection and information about the decision must be sent to the contact address provided.

14. Legal remedies in connection with data processing

National Data Protection and Freedom of Information Authority Postal address: 1530 Budapest, PO Box: 5.

Address: 1125 Budapest, Szilágyi Erzsébet fasor 22/c

Telephone: +36 (1) 391-1400

Fax: +36 (1) 391-1410

E-Mail: ugyfelszolgalat@naih.hu

Website: https://naih.hu

Donate

Support Us and Change the Course of Community Today!

We are committed to getting young people into work and promoting traditional craft businesses. At the same time, environmental protection must not be neglected. None of this is possible without the appropriate financial resources. Please support us, because ultimately this benefits us all.

Donate